Cybersecurity Governance & Compliance Officer "GRC"

SSC HR Solutions

  • Riyadh
  • Permanent
  • Full-time
  • 24 days ago
  • Apply easily
Maintain Cybersecurity Governance: To refresh and align cybersecurity governance with regulatory requirements and best practices.Ensure Cybersecurity Risk Management: To identify and assess cybersecurity risks to improve security posture and reduce impact.Uphold Cybersecurity Compliance: To assure cybersecurity compliance requirements are audited and remediated accordingly.Improve Cybersecurity GRC Operations: To enhance various GRC assessments and activities and be more agile in a fast-paced enterpriseCybersecurity Compliance Tasks
  • Perform assessments based on NCA regulations (such as ECC and OSMACC) and the client standards.
  • Track findings, communicate with internal stakeholders, and validate evidences.
  • Support in internal audit activities.
  • Support in external audit activities (ISO27001).
  • Prepare weekly and monthly status report for compliance status.
Cybersecurity Risk Management Tasks
  • Perform risk assessments for new solutions and third parties, as well as major technology changes.
  • Maintain risk register, follow up on mitigation plane with stakeholders and validate evidences.
  • Represent cybersecurity in IT demand management and IT change management.
  • Participate and develop Root Cause Analysis corrective actions resulting from Cybersecurity incidents.
  • Prepare weekly and monthly status report.
Cybersecurity Governance Tasks
  • Review and update cybersecurity documentation such as standards and policies, as well as other documents part of cybersecurity governance framework.
  • Develop new standards, processes, and procedures.
  • Monitor cyber practices and operational KPIs.
  • Create a governance review plan.
Requirements5 Years of Experience s a GRCThe candidate should be aware of the following frameworks
  • NCA – ECC National Cybersecurity Authority - Essential Cybersecurity Controls – ECC–1:2018
  • NCA – CCC National Cybersecurity Authority - Cloud Cybersecurity Controls –CCC–1:2020
  • NCA – TCC TCC–1:2021
  • NCA – OSMACC National Cybersecurity Authority – Organization’s Social Media Accounts Cybersecurity Controls –OSMACC–1:2021
  • NCA – DCC National Cybersecurity Authority - Data Cybersecurity Controls – DCC–1:2022
  • NDMO National Data Management Office Regulations and Standards
  • ISO27001: 2022 ISO (International Organization for Standardization) 27001 SO/IEC 27001:2022 standard for Information Security Management Systems (ISMS)

SSC HR Solutions